SSL VPN protocol detection method based on flow analysis

A traffic-analysis detection method, applied in the field of network security, that addresses the failure to distinguish SSL VPN from HTTPS and the resulting insufficient management, and that is simple to implement and highly efficient.

Active Publication Date: 2008-10-29
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

However, both SSL VPN and HTTPS use SSL protocol packets on TCP port 443, so distinguishing them is a difficult problem.
[0009] After investigation, there are no reports of work in this area at home and abroad. In


Embodiment Construction

[0065] The embodiments of the present invention are described in detail below with reference to the accompanying drawings. This embodiment is implemented on the premise of the technical solution of the present invention, and detailed implementation methods and specific operating procedures are provided, but the protection scope of the present invention is not limited to the embodiment described below.

[0066] As shown in Figure 1, the SSL VPN monitoring system is divided into two parts, the central end and the agent end. This embodiment is described specifically in conjunction with the SSL VPN monitoring system:

[0067] The agent end is distributed and configured on the switch mirror ports in the border network of each unit. The agent end has two network interfaces, one is used to capture packets, and the other is used to communicate with the central end. The SSL VPN traffic will flow through the border network switch and be captured by the monitoring sys...


Abstract

The invention relates to a traffic-analysis-based method for detecting the SSL VPN protocol, for use in the field of network security. The method comprises the following steps: first, the network card on an intelligent agent or probe machine is put into promiscuous mode and monitoring runs in a loop; a BPF filter is set to capture HTTPS packets, which include any SSL VPN packets that may be present; the SSL VPN detection method is then applied to the captured packets. The method determines whether the traffic belongs to HTTPS or to SSL VPN according to time-domain features of the SSL VPN communication flow and several handshake protocol features observed when the VPN is established. By using a hash table in place of database queries, the method is fast, simple and stable.
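A sketch of the pipeline the abstract outlines, added here as an example and not taken from the patent: a port-443 BPF filter string, an in-memory hash table keyed by flow, and per-flow handshake and timing counters. The specific features and the `min_duration` / `min_records` thresholds are hypothetical stand-ins, since the page does not list the patent's actual features, and each payload is assumed to start on an SSLv3/TLS record boundary.

```python
import struct
from dataclasses import dataclass

BPF_FILTER = "tcp port 443"  # capture filter: HTTPS plus any SSL VPN sharing the port

@dataclass
class FlowStats:
    first_ts: float
    last_ts: float
    handshakes: int = 0    # SSL/TLS handshake records seen (content type 22)
    app_records: int = 0   # application-data records seen (content type 23)

def tls_records(payload):
    """Yield (content_type, length) for each SSLv3/TLS record header in payload."""
    off = 0
    while off + 5 <= len(payload):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", payload, off)
        if ctype not in (20, 21, 22, 23) or major != 3:
            return  # not a record boundary; stop parsing this payload
        yield ctype, length
        off += 5 + length

class FlowTable:
    """Per-flow state held in a dict (hash table) rather than a database."""
    def __init__(self):
        self.flows = {}

    def update(self, ts, src, sport, dst, dport, payload):
        key = tuple(sorted([(src, sport), (dst, dport)]))  # same key for both directions
        st = self.flows.setdefault(key, FlowStats(ts, ts))
        st.last_ts = ts
        for ctype, _length in tls_records(payload):
            if ctype == 22:
                st.handshakes += 1
            elif ctype == 23:
                st.app_records += 1
        return key

    def classify(self, key, min_duration=300.0, min_records=100):
        # Hypothetical rule: a handshake followed by a long-lived, record-heavy flow.
        st = self.flows[key]
        long_lived = st.last_ts - st.first_ts >= min_duration
        if st.handshakes and long_lived and st.app_records >= min_records:
            return "possible-ssl-vpn"
        return "https"

if __name__ == "__main__":
    table = FlowTable()
    hello = bytes([22, 3, 1, 0, 4]) + b"\x00" * 4  # constructed handshake record
    print(table.classify(table.update(0.0, "10.0.0.5", 50000, "203.0.113.9", 443, hello)))
```

In a deployment like the one described, the agent would feed `update()` from a capture opened with `BPF_FILTER` on the mirror-port interface; the addresses above are constructed sample values.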

Description

Technical field

[0001] The invention relates to a protocol detection method in the field of network security, in particular to a traffic analysis-based SSL VPN protocol detection method.

Background technique

[0002] Secure Sockets Layer (SSL) is used to ensure the security of data transmission on the Internet. Using data encryption technology, it can ensure that data will not be intercepted and eavesdropped during transmission on the network. The SSL protocol is located between the TCP/IP protocol and various application layer protocols, providing security support for data communication.

[0003] HTTPS (Secure Hypertext Transfer Protocol) is an HTTP channel aimed at security. Simply speaking, it is a secure version of HTTP. That is, the SSL layer is added under HTTP, and the HTTPS protocol uses port 443 instead of using port 80 to communicate with TCP/IP like HTTP.

[0004] SSL VPN works between the transport layer and the application layer, and uses the SSL protocol that c...


Application Information

IPC(8): H04L29/06, H04L12/24
Inventor: 蒋兴浩, 周志洪, 李建华, 张月国, 蔡伟
Owner: SHANGHAI JIAO TONG UNIV